JP2005521935A - System and method for controlling access between devices in a computer system - Google Patents

Abstract

An apparatus and a method for providing access security to a target device (414A to 414D). The apparatus includes a security check unit (416, 418) configured to be connected to a transmission medium (408, 412). The security check unit (416, 418) monitors a signal on the transmission medium (408, 412) and is transmitted by the first device (414A to 414D) connected to the transmission medium (408, 412). 412) is configured to detect an attempt to access a second device (414A-414D) connected to 412) based on the signal. The security check unit (416, 418) also identifies the first device (414A-414D) based on the signal and accesses the second device (414A-414D) by the first device (414A-414D). Are controlled according to the identification result of the first device (414A to 414D).

Description

  The present invention relates generally to computer systems, and more particularly to structures and methods for providing access protection to computer system elements.

  In addition, this application is a copending application number 10 / 011,151 filed on Dec. 5, 2001, “System and Method for Handling Device Access to Memory and Device Access Processing System with Improved Access Security to Memory”. a Memory Providing Incremented Memory Access Security ”and co-pending application No. 10 / 005,271 (Attorney Docket No. 2000.055900 (TT4079))“ Memory Management System and Method for Improving Access Security to Memory (Memory Management System and Method Providing Increased Memory Access Security) ”, and co-pending application No. 10 / 108,253, filed on the same day as the present application,“ Method Providing Region-Granular, Hardware ” -Controlled Memory Encryption) ".

  In general computer systems, a memory hierarchy is introduced to obtain a relatively high level of performance at a relatively low cost. The instructions of several different software programs are typically stored on a non-volatile storage unit (eg, disk drive unit) that is relatively large in capacity but slow. When the user selects and executes one of the programs, the instructions of the selected program are copied to the main memory unit, and the central processing unit (CPU) gets the instructions of the selected program from the main memory unit. . A well-known virtual memory management technique allows the CPU to access a data structure that is larger in size than the main memory unit by storing only a portion of the data structure in the main memory unit at any given time. The rest of the data structure is stored in a relatively large but slow-speed non-volatile storage unit and is copied to the main memory unit only when necessary.

  Virtual memory is typically implemented by dividing the CPU address space into a plurality of blocks called page frames or “pages”. Only data corresponding to a portion of the page is stored in the main memory unit at any time. If the CPU generates an address in a page and the copy of the page is not located in the main memory unit, the page that requires data is a relatively large capacity but slow speed nonvolatile storage unit to main memory Copied to the unit. In this process, another page of data may be copied from the main memory unit to the non-volatile storage unit to free up space for the required page.

  The popular 80x86 (x86) processor architecture includes dedicated hardware elements that support a protected virtual address mode (ie, protected mode). Here, how the x86 processor performs both virtual memory and memory protection functions will be described with reference to FIGS. FIG. 1 is a diagram of a well-known linear-to-physical address translation mechanism 100 for the x86 processor architecture. The address translation mechanism 100 is incorporated into an x86 processor and includes a linear address 102 generated within the x86 processor, a page table directory (ie, page directory) 104, a plurality of page tables including a page table 106, and a page frame 108. A plurality of page frames and a control register 3 (CR3) 110 are included. The page directory 104 and the plurality of page tables are paged memory data structures that are generated and maintained by operating system software (ie, the operating system). The page directory 104 is always located in memory (eg, main memory unit). For ease of explanation, assume that page table 106 and page frame 108 are also in memory.

  As shown in FIG. 1, the linear address 102 is divided into three parts in order to realize linear-physical address conversion. The most significant bit of CR3 110 is used to store the page directory base register. The page directory base register is a base address of a memory page in which the page directory 104 is included. The page directory 104 includes a plurality of page directory entries including a page directory entry 112. The “directory index” portion above the linear address 102 includes the most significant bit of the linear address 102, that is, the most significant bit, and is used as an index to the page directory 104. The page directory entry 112 is selected from within the page directory 104 using the CR3 110 page directory base register and the “directory index” portion above the linear address 102.

  FIG. 2 is a diagram of a page directory entry format 200 for the x86 processor architecture. As shown in FIG. 2, the most significant (that is, most significant) bit of a page directory entry includes a page table base address. Here, the page table base address is a base address of a memory page including a corresponding page table. The page table base address of the page directory entry 112 is used to select the corresponding page table 106.

  Referring back to FIG. 1, the page table 106 includes a plurality of page table entries including a page table entry 114. The page table entry 114 is selected by using the “table index” portion at the middle of the linear address 102 as an index to the page table 106. FIG. 3 is a diagram of a page table entry format 300 for the x86 processor architecture. As shown in FIG. 3, the most significant (that is, most significant) bit of a page table entry includes a page frame base address. Here, the page frame base address is the base address of the corresponding page frame.

  Again in FIG. 1, the page frame base address of the page table entry 114 is used to select the corresponding page frame 108. The page frame 108 includes a plurality of memory locations. The portion below the linear address 102, that is, the “offset” portion is used as an index to the page frame 108. When the page frame base address of the page table entry 114 and the offset portion of the linear address 102 are combined, it becomes a physical address corresponding to the linear address 102 and represents a memory location 116 in the page frame 108. Memory location 116 has a physical address resulting from linear-to-physical address translation.

  Regarding the memory protection function, the page directory entry format 200 of FIG. 2 and the page table entry format 300 of FIG. 3 have a user / administrator (U / S) bit and a read / write (R / W) bit. Including. The contents of the U / S bit and the R / W bit are used by the operating system to protect the corresponding page frame (ie, memory page) from unauthorized access. U / S = 0 is used to indicate an operating system memory page and corresponds to the “administrator” level of the operating system. The administrator level of this operating system corresponds to the current privilege level 0 (CPL0) of software programs and routines executed by the x86 processor (the administrator level also corresponds to the CPL1 and / or CPL2 level of the x86 processor). May be). U / S = 1 is used to indicate a user memory page and corresponds to the “user” level of the operating system. The user level of the operating system corresponds to CPL3 of the x86 processor (the user level may also correspond to the CPL1 and / or CPL2 level of the x86 processor).

  The R / W bit is used to indicate the type of access permitted for the corresponding memory page. R / W = 0 indicates that only the read access is permitted to the corresponding memory page (that is, the corresponding memory page is “read only”). R / W = 1 indicates that both the read access and the write access are permitted for the corresponding memory page (that is, the corresponding memory page is “read / write enabled”).

  During the linear-physical address conversion operation shown in FIG. 1, a logical product operation is performed on the contents of each U / S bit of the page directory entry 112 and the page table entry 114 corresponding to the page frame 108, thereby It is determined whether access to the frame 108 is authenticated. Similarly, a logical product operation is performed on the contents of each R / W bit of the page directory entry 112 and the page table entry 114 to determine whether or not access to the page frame 108 is authenticated. If each logical combination of U / S and R / W bits indicates that access to page frame 108 is authorized, then access to memory location 116 is made using the physical address. On the other hand, if each logical combination of the U / S bit and the R / W bit indicates that access to the page frame 108 is not authorized, the memory location 116 is not accessed and a signal indicating a protection violation is generated. To do.

  Unfortunately, the memory protection mechanism of the x86 processor architecture described above is not sufficient to protect the data stored in memory. For example, any software program or routine that executes at an administrator level (eg, CPL value of 0) can access any part of the memory and “read only” (R / W = 0) of the memory. It is possible to change (that is, write) any part that is not marked with. Furthermore, by executing at the administrator level, a software program or routine can change the attributes (ie, U / S bit and R / W bit) of any part of the memory. Therefore, any part of the memory labeled “Read Only” can be changed to “Read / Write” (R / W = 1) by the software program or routine, and the memory It becomes possible to continue to change the part.

  The protection mechanism of the x86 processor architecture is also inadequate in preventing erroneous access to the memory, ie unauthorized access, by a hardware device operably connected to the memory. In fact, in a write access initiated by the hardware device (without the attribute of the portion that is changed at the beginning in the memory), the portion of the memory labeled “Read Only” cannot be changed. Also, a software program or routine (for example, a device driver) that handles data transfer between a hardware device and a memory is normally executed at a user level (for example, CPL3), and an administrator level (U / S = 0) in the memory. It is also true that access to the marked part is not permitted. However, the protection mechanism of the x86 processor architecture covers only device accesses to memory (ie, programmed inputs / outputs) that result from executing instructions. The device driver can program a hardware device having a bus mastering function or a DMA function that transfers data from the hardware device to any part of the memory accessible by the hardware device. For example, it is relatively easy to program a floppy disk controller to transfer data directly from a floppy disk to the portion of the memory used to store the operating system.

  In addition, the x86 processor architecture protection mechanism does not address inter-device access. All components of a computer system, including hardware devices, are typically operably coupled to one another for easy communication. During system initialization (ie, “boot-up”), the CPU executes instructions (ie, programs) that configure each hardware device to perform a desired function. During normal operation of the computer system, the CPU and each hardware device access each other using a predetermined protocol. However, in order to obtain confidential information from the second hardware device or to change the function programmed in the second hardware device, the unauthorized device driver software has a bus mastering function or a DMA function. A first hardware device may be programmed to access a second hardware device. Such an access may result in programming the second hardware device to operate in such a way as to cause physical damage to the second hardware device.

  In certain aspects of the invention, an apparatus is provided. The apparatus includes a security check unit (SCU) configured to connect to a transmission medium. The SCU is configured to monitor a signal on the transmission medium and detect based on the signal an attempt to access a second device connected to the transmission medium by a first device connected to the transmission medium. Yes. The SCU is also configured to identify the first device based on the signal and control access to the second device (414A-414D) by the first device according to the identification result of the first device. Yes.

  In another aspect of the invention, another apparatus is provided. The apparatus includes a security check unit (SCU) configured to connect to a transmission medium. The SCU is configured to monitor a signal on the transmission medium and detect based on the signal an attempt to access a second device connected to the transmission medium by a first device connected to the transmission medium. Yes. The SCU also identifies the first device based on the signal and determines whether the first device is authorized to access the second device based on the identification result of the first device. It is configured. The SCU also has a configuration that configures the second device to allow an access attempt by the first device if the first device is authorized to access the second device.

  In yet another aspect of the present invention, a method for providing access security to a target device is provided. This method is a method of monitoring a signal and detecting an access attempt by another device to the target device based on the signal. This method is also a method of identifying another device using a signal and controlling access to the target device according to the identification result of the other device.

  The present invention will be understood by reference to the following description taken in conjunction with the accompanying drawings. In the following description, equivalent reference numerals indicate similar elements.

  While the invention is susceptible to various modifications and alternative forms, specific embodiments of the invention have been shown by way of example in the drawings and are herein described in detail. However, the description of the embodiments provided herein is not intended to limit the invention to the particular forms disclosed, but on the contrary, the invention is as defined by the appended claims. It should be understood that all modifications, equivalents, and alternatives falling within the spirit and scope of the present invention are included.

  In the following, exemplary embodiments of the present invention will be described. For the sake of simplicity, this description does not describe all the features of the actual embodiment. Of course, development in any of these actual embodiments will require specific decisions for each example in order to achieve developer-specific goals that vary from example to example, such as compliance with system and business constraints. It will be appreciated that many things must be done. Further, it will be appreciated that such development efforts are complex and time consuming, but may still be routines undertaken by those of ordinary skill in the art to benefit from the present disclosure.

  FIG. 4 is a diagram of one embodiment of a computer system 400 that includes a CPU 402, a system or “host” bridge 404, a memory 406, and a first device bus 408 (eg, a peripheral device connection or PCI bus). , A device bus bridge 410, a second device bus 412 (eg, an industry standard architecture or ISA bus), and four device hardware units 414A-414D. The host bridge 404 is connected to the CPU 402, the memory 406, and the device bus 408. Host bridge 404 converts signals between CPU 402 and device bus 408 and operably connects memory 406 to CPU 402 and device bus 408. The device bus bridge 410 is connected between the device bus 408 and the device bus 412, and converts a signal between the device bus 408 and the device bus 412. In the embodiment of FIG. 4, the device hardware units 414A and 414B are connected to the device bus 408, and the device hardware units 414C and 414D are connected to the device bus 412. One or more of the device hardware units 414A to 414D may be, for example, a storage device (eg, hard disk drive, floppy disk drive, CD-ROM drive), communication device (eg, modem or network adapter), or input / output It may be a device (eg, video device, audio device, printer).

  In the embodiment of FIG. 4, CPU 402 includes a CPU security check unit (SCU) 416 and host bridge 404 includes a host bridge SCU 418. As described in more detail below, the CPU SCU 416 protects the memory 406 from access that is generated by the CPU 402 (ie, “software-initiated access”) and is not authenticated, and the host bridge SCU 418 is a device hardware unit. The memory 406 is protected from access that is activated by 414A to 414D (that is, “access activated by hardware”) and is not authenticated. In another embodiment, the host bridge 404 may be a part of the CPU 402 as shown in FIG.

  FIG. 5 is a diagram illustrating the relationship between the various hardware and software elements of the computer system 400 of FIG. In the embodiment of FIG. 5, a plurality of application programs 500, an operating system 502, a security kernel 504, and device drivers 506 </ b> A to 506 </ b> D are stored in the memory 406. Application program 500, operating system 502, security kernel 504, and device drivers 506 </ b> A to 506 </ b> D include instructions executed by CPU 402. The operating system 502 provides a user interface and software “platform” on which the application program 500 operates. The operating system 502 may also provide basic support functions such as file system management, process management, input / output (I / O) control, and the like.

  The operating system 502 may also provide basic security functions. For example, CPU 402 (FIG. 4) may be an x86 processor that executes instructions in a set of x86 instructions. In this case, the CPU 402 may provide both virtual memory and memory protection features in the protected mode as described above by providing dedicated hardware elements. The operating system 502 operates, for example, the CPU 402 in the protected mode, and performs both virtual memory and memory protection in the protected mode using a dedicated hardware element of the CPU 402 (registered trademark: Microsoft Corporation, Redmond, Washington). It may be one of the operating systems of the system.

  As described in detail below, the security kernel 504 provides additional security features beyond the security features provided by the operating system 502 to protect the data stored in the memory 406 from unauthorized access. . In the embodiment of FIG. 5, device drivers 506A-506D are operatively associated with and connected to corresponding device hardware units 414A-414D, respectively. Device hardware units 414A, 414D are “secure” devices [or secure devices] and corresponding device drivers 506A, 506D are “secure” device drivers. The security kernel 504 is connected between the operating system 502 and the secured device drivers 506A, 506D, and secured by the application program 500 and the operating system 502 to the secured device drivers 506A, 506D and corresponding secured devices. All accesses to 414A and 414D are monitored. Security kernel 504 prevents unauthorized access to secured device drivers 506A, 506D and corresponding secured devices 414A, 414D by application program 500 and operating system 502.

  As shown in FIG. 5, the security kernel 504 is connected to the CPU SCU 416 and the host bridge SCU 418 (eg, via one or more device drivers). As described in detail below, the CPU SCU 416 and the host bridge SCU 418 control access to the memory 406. The CPU SCU 416 monitors all accesses to the memory 406 activated by software, and the host bridge SCU 418 monitors all accesses to the memory 406 activated by hardware. The CPU SCU 416 and the host bridge SCU 418 only allow access to the authenticated memory 406 once configured by the security kernel 504.

  In the embodiment of FIG. 5, device drivers 506B and 506C are “unsecured” device drivers, and corresponding device hardware units 414B and 414C are “unsecured” device hardware units. Device drivers 506B, 506C and corresponding device hardware units 414B, 414C may each be, for example, “legacy” device drivers and device hardware units.

  Note that in other embodiments, the security kernel 504 may be part of the operating system 502. In yet another embodiment, the security kernel 504, device drivers 506A, 506D, and / or device drivers 506B, 506C may be part of the operating system 502.

  FIG. 6 is a diagram illustrating one embodiment of the CPU 402 of the computer system 400 of FIG. In the embodiment of FIG. 6, the CPU 402 includes an execution unit 600, a memory management unit (MMU) 602, a cache unit 604, a bus interface unit (BIU) 606, a set of control registers 608, and a set of security protection execution modes ( SEM) register 610. CPUSCU 416 is located within MMU 602. As will be described in detail below, a set of SEM registers 610 are used to implement a security protection execution mode (SEM) in the computer system 400 of FIG. 4, and each operation of the CPU SCU 416 and the host bridge SCU 418 is one. It is managed by the contents of a set of SEM registers 610. Access (eg, write and / or read) to the SEM register 610 is performed by the security kernel 504 (FIG. 5). (I) The CPU 402 is an x86 processor that operates in the x86 protected mode. (Ii) Memory paging is possible. (Iii) When the SEM operation is defined by the contents of the SEM register 610, the computer system 400 of FIG. May operate, for example, in a SEM.

  In general, the operation of the CPU 402 is managed by the contents of a set of control registers 608. That is, the operations of the execution unit 600, the MMU 602, the cache unit 604, and / or the BIU 606 are managed by the contents of the set of control registers 608. The set of control registers 608 may include, for example, a plurality of x86 processor architecture control registers.

  The execution unit 600 of the CPU 402 extracts an instruction (for example, x86 instruction) and data, executes the extracted instruction, and generates a signal (for example, address, data, control signal) during the execution of the instruction. The execution unit 600 is connected to the cache unit 604, but may receive an instruction from the memory 406 (FIG. 4) via the cache unit 604 or the BIU 606.

  The memory 406 (FIG. 4) of the computer system 400 includes a plurality of memory locations, each having a unique physical address. The address space of the CPU 402 is divided into a plurality of blocks called page frames or “pages” when operating in the protect mode with paging enabled. As described above, only data corresponding to a portion of the page is stored in the memory 406 at any time. In the embodiment of FIG. 6, the address signal generated by execution unit 600 during instruction execution represents a segmented (ie, “logical”) address. As described below, the MMU 602 translates the segmented addresses generated by the execution unit 600 into corresponding physical addresses in the memory 406. The MMU 602 supplies a physical address to the cache unit 604. The cache unit 604 is a relatively small-capacity storage unit that is used to store instructions and data that have just been fetched by the execution unit 600. The BIU 606 is connected between the cache unit 604 and the host bridge 404, and is used for fetching instructions and data not existing in the cache unit 604 from the memory 406 via the host bridge 404.

  FIG. 7 is a diagram illustrating an embodiment of the MMU 602 of FIG. In the embodiment of FIG. 7, MMU 602 includes segmentation unit 700, paging unit 702, and selection logic 704 that selects between both outputs of segmentation unit 700 and paging unit 702 to generate a physical address. As shown in FIG. 7, segmentation unit 700 receives a segmented address from execution unit 600 and generates a corresponding linear address at the output using well-known segment-linear address translation mechanisms in the x86 processor architecture. . As shown in FIG. 7, the paging unit 702 receives the linear address generated by the segmentation unit 700 and generates a corresponding physical address at the output, if enabled by the “paging” signal. This paging signal may mirror the paging flag (PG) bit in control register 0 (CR0) that belongs to the x86 processor architecture and also belongs to a set of control registers 608 (FIG. 6). When the paging signal is deasserted, memory paging is not possible and the selection logic 704 generates the linear address received from the segmentation unit 700 as a physical address.

  Asserting the paging signal enables memory paging, and the paging unit 702 corresponds to the linear address received from the segmentation unit 700 using the linear-physical address translation mechanism 100 of the x86 processor architecture (FIG. 1) described above. Convert to physical address. As described above, during the linear-physical address translation operation, the logical product operation is performed on the contents of each U / S bit of the selected page directory entry and the selected page table entry, thereby Determine if access is authenticated. Similarly, an AND operation is performed on the contents of each R / W bit of the selected page directory entry and the selected page table entry, thereby determining whether or not access to the page frame is authenticated. . If each logical combination of U / S and R / W bits indicates that access to the page frame is authorized, the paging unit 702 generates a physical address resulting from the linear-to-physical address translation operation. The selection logic 704 receives the physical address generated by the paging unit 702, generates the physical address received from the paging unit 702 as a physical address, and supplies the physical address to the cache unit 604.

  On the other hand, if each logical combination of the U / S bit and the R / W bit indicates that access to the page frame 108 is not authorized, the paging unit 702 does not generate a physical address during the linear-physical address translation operation. . Instead, the paging unit 702 asserts a general protection fault (GPF) signal, and the MMU 602 sends a GPF signal to the execution unit 600. Upon receipt of the GPF signal, the execution unit 600 may execute an exception handler routine, and finally stops execution of one of the application programs 500 (FIG. 5) that is operating when the GPF signal is asserted. May be.

  In the embodiment of FIG. 7, the CPUSCU 416 is located within the paging unit 702 of the MMU 602. The paging unit 702 may also include a translation index buffer (TLB) that stores a relatively small number of linear-to-physical address translations that have just been determined.

  FIG. 8 is a diagram illustrating an embodiment of the CPUSCU 416 of FIG. In the embodiment of FIG. 8, CPUSCU 416 includes security check logic 800 and security attribute table (SAT) entry buffer 802 that interface with a set of SEM registers 610 (FIG. 6). As described below, the SAT entry includes additional security information beyond the U / S and R / W bits of the page directory entry and page table entry corresponding to the memory page. The security check logic 800 uses this additional security information stored in a certain SAT entry to prevent unauthenticated access by the software to the corresponding memory page. The SAT entry buffer 802 is used to store a relatively small number of SAT entries of the memory page that has just been accessed.

  As described above, a set of SEM registers 610 are used to implement a security protection execution mode (SEM) within the computer system 400 of FIG. The operation of the CPU SCU 416 is managed by the contents of the set of SEM registers 610. The security check logic 800 receives information stored in the SAT entry buffer 802 from the MMU 602 via the communication bus shown in FIG. Security check logic 800 also receives the physical address generated by paging unit 702.

  A method for obtaining additional security information of a memory page selected using the address translation mechanism 100 of FIG. 1 in the computer system 400 of FIG. 4 will be described with reference to FIGS. FIG. 9 is a diagram illustrating one embodiment of a mechanism 900 for accessing a SAT entry for a selected memory page to obtain additional security information for the selected memory page. The mechanism 900 of FIG. 9 may be incorporated within the security check logic 800 of FIG. 8, and the computer system 400 of FIG. 4 may be implemented while operating in the SEM. Mechanism 900 includes a physical address 902 generated by paging mechanism 702 (FIG. 7) using address translation mechanism 100 of FIG. 1, a plurality of SATs including SAT directory 904, SAT 906, and a SAT base address of a set of SEM registers 610. Register 908 is included. The plurality of SATs including the SAT directory 104 and the SAT 906 are SEM data structures generated and maintained by the security kernel 504 (FIG. 5). As described below, the SAT directory 104 (if present) and any required SAT are copied to the memory 406 prior to being accessed.

  The SAT base address register 908 includes a presence (P) bit which means that there is a valid SAT directory base address in the SAT base address register 908. The most significant (ie, most significant) bit of the SAT base address register 908 is reserved for the SAT directory base address. The SAT directory base address is a base address of a memory page including the SAT directory 904. When P = 1, the SAT directory base address is valid and the SAT table specifies the security attributes of each memory page. When P = 0, the SAT directory base address is not valid, so there is no SAT table, and the security attribute of each memory page is determined by the SAT default register.

  FIG. 10 is a diagram illustrating an embodiment of the SAT default register 1000. In the embodiment of FIG. 10, the SAT default register 1000 includes secure page (SP) bits. The SP bit indicates whether all memory pages are secure pages. For example, if SP = 0, not all memory pages will be secure pages. Also, if SP = 1, all memory pages will be secure pages.

  9 again, assuming that the P bit of the SAT base address register 908 is “1”, the physical address 902 generated by the paging logic 702 (FIG. 7) is used to access the SAT entry of the selected memory page. Divided into three parts. As described above, the SAT directory base address of the SAT base address register 908 is the base address of the memory page in which the SAT directory 904 is included. The SAT directory 904 includes a plurality of SAT directory entries including a SAT directory entry 910. Each SAT directory entry may have a corresponding SAT in memory 406. The portion of the physical address 902 “upper” includes the highest order of the physical address 902, that is, the most significant bit, and is used as an index to the SAT directory 904. The SAT directory entry 910 is selected from the SAT directory 904 using the SAT directory base address of the SAT base address register 908 and the portion above the physical address 902.

  FIG. 11 is a diagram illustrating one embodiment of a SAT directory entry format 1100. According to FIG. 11, each SAT directory entry includes a presence (P) bit which means that there is a valid SAT base address in the SAT directory entry. In the embodiment of FIG. 11, the most significant (ie, most significant) bit of each SAT directory entry is reserved for the SAT base address. The SAT base address is a base address of a memory page including a corresponding SAT. When P = 1, the SAT base address is valid, so the corresponding SAT is stored in the memory 406.

  When P = 0, the SAT base address is not valid, so the corresponding SAT does not exist in the memory 406 and must be copied from the storage device (eg, disk drive) to the memory 406. If P = 0, the security check logic 800 may send a page fault signal to logic in the paging unit 702, and the MMU 602 may forward the page fault signal to the execution unit 600 (FIG. 6). In response to the page fault signal, the execution unit 600 may execute a page fault handler routine that retrieves the necessary SAT from the storage device and stores it in the memory 406. After storing the required SAT in memory 406, the P bit of the corresponding SAT directory entry is set to “1” and processing at mechanism 900 continues.

  In FIG. 9 again, the “middle” part of the physical address 902 is used as an index to the SAT 906. The SAT entry 906 is selected in this way in the SAT 906, and in this case, the middle part of the SAT base entry and the physical address 902 of the SAT directory entry 910 is used. FIG. 12 is a diagram illustrating an embodiment of a SAT entry format 1200. In the embodiment of FIG. 12, each SAT entry includes a secure page (SP) bit. The SP bit indicates whether the selected memory page is a secure page. For example, if SP = 0, the selected memory page may not be a secure page, and if SP = 1, the selected memory page may be a secure page. is there.

  BIU 606 (FIG. 6) retrieves the required SEM data structure entry from memory 406 and supplies the SEM data structure entry to MMU 602. Referring again to FIG. 8, the security check logic 800 receives SEM data structure entries from the MMU 602 and the paging unit 702 via the communication bus. As described above, the SAT entry buffer 802 is used to store a relatively small number of SAT entries for the memory page that has just been accessed. The security check logic 800 stores a particular SAT entry in the SAT entry buffer 802 along with the “tag” portion of the corresponding physical address.

  During the subsequent memory page access, the security check logic 800 generates the “tag” portion of the physical address generated by the paging unit 702 and the tag portion of the physical address corresponding to each SAT entry stored in the SAT entry buffer 802. You may compare. If the tag portion of the physical address matches the tag portion of the physical address corresponding to the SAT entry stored in the SAT entry buffer 802, the security check logic 800 may access the SAT entry in the SAT entry buffer 802, This eliminates the need to perform the process of FIG. 9 to obtain a SAT entry from memory 406. The security kernel 504 (FIG. 5) changes the contents of the SAT base address register 908 in the CPU 402 (eg, during a context switch). In response to the change of the SAT base address register 908, the security check logic 800 of the CPU SCU 416 may erase the SAT entry buffer 802 at once.

  If the computer system 400 of FIG. 4 is operating in an SEM, the security check logic 800 may indicate the current privilege level (CPL) of the currently executing task (ie, the currently executing instruction), with the physical address Received with a page directory entry (PDE) U / S bit, PDE R / W bit, page table entry (PTE) U / S bit, and PTE R / W bit for a selected memory page. Security check logic 800 uses the above information along with the SP bits of the SAT entry corresponding to the selected memory page to determine whether access to memory 406 is authorized.

  The CPU 402 of FIG. 6 may be an x86 processor and may include a code segment (CS) register, one of the 16-bit segment registers of the x86 processor architecture. Each segment register selects a 64K block of memory called a segment. In protected mode with paging enabled, the CS register is loaded with a segment selector that indicates an executable segment of memory 406. The most significant (ie, most significant) bit of the segment selector is used to store information indicating the segment of memory that contains the next instruction to be executed by the execution unit 600 of the CPU 402 (FIG. 6). The instruction pointer (IP) register is used to store the offset in the segment indicated by the CS register. This pair of CS: IP represents the segmented address of the next instruction. The two lowest bits (ie, the least significant) of the CS register store a value (ie, the CPL of the current task) that indicates the current privilege level (CPL) of the task that execution unit 600 is currently executing. Used for

  Table 1 below shows an example of a rule for memory access activated by the CPU (ie, activated by software) while the computer system 400 of FIG. 4 is operating in the SEM. The CPU SCU 416 (FIGS. 4-8) and the security kernel 504 (FIG. 5) work together to provide additional security for the data stored in the memory 406 beyond the data security provided by the operating system 502 (FIG. 5). Thus, the rules of Table 1 are implemented while the computer system 400 of FIG. 4 is operating in the SEM.

  In Table 1 above, the SP bit of the currently executing instruction is the SP bit of the SAT entry corresponding to the memory page including the currently executing instruction. The U / S bit of the selected memory page is the logical product of the PDE U / S bit and the PTE U / S bit of the selected memory page. The R / W bit of the selected memory page is a logical product of the PDE R / W bit and the PTE R / W bit of the selected memory page. The symbol “X” means “any”, that is, the logical value may be “0” or “1”.

  Referring again to FIG. 8, the security check logic 800 of the CPUSCU 416 generates a general protection fault (“GPF”) signal and a “SEM security exception” signal, and these GPF signal and SEM security exception signal to the logic within the paging unit 702. Supply. When security check logic 800 asserts the GPF signal, MMU 602 forwards the GPF signal to execution unit 600 (FIG. 6). Upon receipt of the GPF signal, execution unit 600 may access and execute the GPF handler routine using the well-known interrupt descriptor table (IDT) vectoring mechanism of the x86 processor architecture.

  When security check logic 800 asserts the SEM security exception signal, MMU 602 forwards the SEM security exception signal to execution unit 600. Unlike normal processor exceptions that use the IDT vectoring mechanism of the x86 processor architecture, other vectoring methods may be used to deal with SEM security exceptions. SEM security exceptions may be sent quickly through a pair of registers (eg, model specific registers or MSRS), similar to the way the x86 “SYSENTER” and “SYSEXIT” instructions operate. The pair of registers may be “security exception entry point” registers, and may specify a branch destination address for instruction execution when an SEM security exception occurs. The security exception entry point register includes a code segment (CS), an instruction pointer (IP or 64-bit version RIP), a stack segment (SS), and a stack pointer (SP or) used when entering the SEM security exception handler. Each value of the 64-bit version RSP) may be defined. Under software control, execution unit 600 (FIG. 6) may send the above SS, SP / RSP, EFLAGS, CS, and IP / RIP values onto a new stack that indicates where the exception occurred. The execution unit 600 may send an error code on the stack. Even if CPL does not change, the above SS and SP / RSP values are always saved and stack switching is always achieved, so use normal return from interrupt (IRET) instruction. There will be no. Thus, a return from the SEM exception handler may be achieved by defining a new instruction.

  FIG. 13 is a diagram illustrating an embodiment of the host bridge 404 of FIG. In the embodiment of FIG. 13, the host bridge 404 includes a host interface 1300, a bridge logic 1302, a host bridge SCU 418, a memory controller 1304, a device bus interface 1306, and a bus arbiter 1308. The host interface 1300 is connected to the CPU 402, and the device bus interface 1306 is connected to the device bus 408. The bridge logic 1302 is connected between the host interface 1300 and the device bus interface 1306. The memory controller 1304 is connected to the memory 406 and performs all accesses to the memory 406. The host bridge SCU 418 is connected between the bridge logic 1302 and the memory controller 1304. As described above, the host bridge SCU 418 controls access to the memory 406 via the device bus interface 1306. The host bridge SCU 418 monitors access to the memory 406 via the device bus interface 1306 and allows only those for which access to the memory 406 is authorized.

  In the embodiment of FIG. 13, the bus arbiter 1308 is connected to the device bus interface 1306, the bridge logic 1302, and the host bridge SCU 418. The bus arbiter 1308 coordinates between the bridge logic 1302, the device hardware units 414A, 414B (FIG. 4), and the device bus bridge 410 (FIG. 4) for controlling the device bus 408 (FIG. 4) (FIG. 4). Device hardware units 414C and 414D access the device bus 408 via the device bus bridge 410). Typically, the device bus 408 includes one or more signal lines that carry permission signals. Here, the permission signal is one of a plurality of states indicating which of the devices connected to the device bus 408 can control the device bus 408. The bus arbiter 1308 passes a permission signal on one or more signal lines that transmit the permission signal. The bus arbiter 1308 receives separate request signals from the device hardware units 414A, 414B and the device bus bridge 410 as usual. Here, each request signal is asserted by the corresponding device when the corresponding device needs to control the device bus 408. The bus arbiter 1308 may send separate permission signals to the device hardware units 414A and 414B and the device bus bridge 410. Here, a predetermined one of the permission signals is asserted to indicate that the corresponding device is permitted to control the device bus 408. As described in detail below, bus arbiter 1308 and host bridge SCU 418 cooperate to provide inter-device access security within computer system 400.

  FIG. 14 is a diagram illustrating an embodiment of the host bridge SCU 418 of FIG. In the embodiment of FIG. 14, the host bridge SCU 418 includes security check logic 1400 and a SAT entry buffer 1404 connected to a set of SEM registers 1402. A set of SEM registers 1402 manages the operation of the security check logic 1400 and includes the second SAT base address register 908 of FIG. The second SAT base address register 908 of the set of SEM registers 1402 may be an addressable register. When the security kernel 504 (FIG. 5) changes the contents of the SAT base address register 908 in the set of SEM registers 610 of the CPU 402 (eg, while switching status), the security kernel 504 is the same The value may also be written to the second SAT base address register 908 in the set of SEM registers 1402 of the host bridge SCU 418. In response to the change in the second SAT base address register 908, the security check logic 1400 of the host bridge SCU 418 may erase the SAT entry buffer 1404 at once.

  The security check logic 1400 receives the memory access signal of the memory access activated by the hardware device units 414A to 414D (FIG. 4) via the device bus interface 1306 and the bridge logic 1302 (FIG. 13). This memory access signal carries the physical address and associated control and / or data signals from the hardware device units 414A-414D. The security check logic 1400 may incorporate a mechanism 900 (FIG. 9) for obtaining a SAT entry for the corresponding memory page, and may implement the mechanism 900 while the computer system 400 of FIG. 4 is operating in the SEM. Good. The SAT entry buffer 1404 is similar to the SAT entry buffer 802 of the CPUSCU 416 (FIG. 8) described above and is used to store a relatively small number of SAT entries for recently accessed memory pages.

  While the computer system 400 of FIG. 4 is operating in the SEM, the security check logic 1400 of FIG. 14 uses the additional security information of the SAT entry associated with the selected memory page to authenticate the predetermined memory access initiated by the hardware. Determine whether it has been. If the predetermined memory access activated by this hardware is authenticated, the memory access signal for memory access (that is, the control signal and / or data signal associated with the address signal for transmitting the physical address) is issued by the security check logic 1400. Is supplied to the memory controller 1304. The memory controller 1304 accesses the memory 406 using control signals and / or data signals associated with physical addresses. When the access to the memory 406 is a write access, the data transmitted by the data signal is written to the memory 406. When the access to the memory 406 is a read access, the memory controller 1304 reads data from the memory 406 and supplies the read data to the security check logic 1400. The security check logic 1400 transfers the read data to the bridge logic 1302, and the bridge logic 1302 supplies the data to the device bus interface 1306.

  On the other hand, if the predetermined memory access activated by the hardware is not authenticated, the security check logic 1400 supplies the physical address of access to the memory 406 and the related control signal and / or data signal to the memory controller 1304. Not done. If the non-authenticated memory access activated by the hardware is a memory write access, the security check logic 1400 may issue a write access completion signal and discard the write data without making any changes to the memory 406. . The security check logic 1400 may also form a log entry in the log (eg, set or clear one or more bits of the status register) to record security access violations. The security kernel 504 may periodically access the log to check for such log entries. If the unauthenticated memory access activated by the hardware is a memory read access, the security check logic 1400 may indicate a violation (eg, all “F”) to the device bus interface 1306 via the bridge logic 1302. Return as read data. Similarly, the security check logic 1400 may form a log entry as described above to record a security access violation.

  FIG. 15 is a flowchart illustrating one embodiment of a method 1500 for providing access security to memory used to store data located in multiple memory pages. Method 1500 reflects an example of the rules shown in Table 1 for memory accesses initiated by the CPU (ie, software initiated) while computer system 400 of FIG. 4 is operating in the SEM. The method 1500 may be incorporated within the MMU 602 (FIGS. 6-7). At step 1502 of method 1500, the linear address generated during instruction execution is received along with the security attribute of the instruction (eg, the CPL of the task containing the instruction). This instruction is in a memory page. In step 1504, the linear address is used to obtain at least one paged memory data structure (eg, page directory or page table) located in memory to obtain the base address and security attributes of the selected memory page. to access. The security attributes of the selected memory page may include, for example, the U / S bit and R / W bit of the page directory entry and the U / S bit and R / W bit of the page table entry.

  In decision step 1506, it is determined whether the access is authenticated using the security attribute of the instruction and the security attribute of the selected memory page. If access is authenticated, a physical address is generated in the selected memory page by combining the base address and offset of the memory page selected in step 1508. If access is not authenticated, a violation signal (eg, a general protection violation signal or a GPF signal) is generated at step 1510.

  In step 1512, following step 1508, is located in memory using the physical address of the selected memory page to obtain additional security attributes for the first memory page and additional security attributes for the selected memory page. Access is made to at least one security attribute data structure (eg, SAT directory 904 or SAT in FIG. 9). This additional security attribute of the first memory page may include, for example, a secure page (SP) bit as described above. Here, the SP bit represents whether or not the first memory page is a secure page. Similarly, additional security attributes for selected memory pages may include secure page (SP) bits. Here, the SP bit indicates whether or not the selected memory page is a secure page.

  In step 1514, a violation signal is generated according to the security attribute of the instruction, the additional security attribute of the first memory page, the security attribute of the selected memory page, and the additional security attribute of the selected memory page. Note that steps 1512 and 1514 of method 1500 may be incorporated within CPUSCU 416 (FIGS. 4-8).

  Table 2 below shows an example of a rule for a memory page access activated by the device hardware units 414A to 414D (that is, a memory activated memory access) when the computer system 400 of FIG. 4 is operating in the SEM. Memory access activated by such hardware may be activated by a bus mastering circuit in the device hardware units 414A to 414D, or may be activated by a DMA device at the request of the device hardware units 414A to 414D. Also good. The security check logic 1400 may be used when the computer system 400 of FIG. 4 is operating in the SEM to provide additional security for the data stored in the memory 406 beyond the data security provided by the operating system 502 (FIG. 5). The rules in Table 2 may be executed. In Table 2 below, the “target” memory page is a memory page in which a physical address transmitted by a memory access signal for memory access is located.

  In Table 2 above, the SP bit of the target memory page is obtained by the host bridge SCU 418 using the above-described mechanism 900 for obtaining the physical address of the memory access and the SAT entry of the corresponding memory page shown in FIG. .

  As shown in FIG. 2, when SP = 1 indicating that the target memory page is a secure page, the memory access is not authenticated. In this situation, the security check logic 1400 (FIG. 14) does not supply a memory access signal to the memory controller. A portion of the memory access signal (for example, control signal) represents the type of memory access, where the type of memory access is either a read signal or a write signal. When SP = 1 and the memory access signal indicates that the type of memory access is read access, the memory access is an unauthenticated read access, and the security check logic 1400 performs an unauthenticated read access. On the other hand, it responds by supplying all "F" (that is, bogus read data) instead of the actual memory contents. Security check logic 1400 may also respond to unauthenticated read accesses by recording a log of unauthenticated read accesses as described above.

  If SP = 1 and the memory access signal indicates that the type of memory access is write access, the memory access is an unauthenticated write access. In such a situation, the security check logic 1400 responds to an unauthorized write access by discarding the write data transmitted by the memory access signal. Security check logic 1400 may also respond to unauthenticated write accesses by recording a log of unauthenticated write accesses as described above.

  FIG. 16 is a flowchart illustrating an embodiment of a method 1600 for providing access security to a memory used to store data located in a plurality of memory pages. The method 1600 reflects an example of the rules shown in Table 2 for hardware-initiated memory accesses while the computer system 400 of FIG. 4 is operating in the SEM. The method 1600 may be incorporated within the host bridge 404 (FIGS. 4, 13, 14). In step 1602 of method 1600, a memory access signal for a memory access is received. Here, the memory access signal transmits the physical address in the target memory page. As described above, the memory access signal may be generated by a device hardware unit. In step 1604, to obtain the security attribute of the target memory page, the physical address is used to access at least one security attribute data structure located in the memory. The at least one security attribute data structure may include, for example, a SAT directory (for example, the SAT directory 904 in FIG. 9) and at least one SAT (for example, the SAT 906 in FIG. 9). The additional security attribute may include a secure page (SP) bit as described above indicating whether the subject memory page is a secure page. In step 1606, the memory is accessed using a memory access signal according to the security attribute of the target memory page. Note that steps 1600 and 1602 of method 1600 may be incorporated within host bridge SCU 418 (FIGS. 4, 13, and 14).

  As described above, the bus arbiter 1308 (FIG. 13) and the host bridge SCU 418 (FIGS. 4, 13, and 14) cooperate to provide inter-device access security within the computer system 400. The bus arbiter 1308 adjusts between devices connected to the device bus 408 (FIG. 4) in order to control the device bus 408 as described above, and transmits a permission signal to one or more signal lines of the device bus 408. Shed. The state of the permission signal indicates which of the devices connected to the device bus 408 controls the device bus 408.

  Here, an example of operations of the bus arbiter 1308 and the host bridge SCU 418 when the device bus 408 is a peripheral device connection (PCI) bus will be described. The bus arbiter 1308 is connected to the device bus 408 and can be flown through the device bus 408 (eg, bridge logic 1302 in FIG. 13, device hardware units 414A and 414B in FIG. 4, and FIG. 4). A total of n request signals REQ # 1 to REQ # n (symbol “#”) from the device bus bridge 410), when the signal is at a low voltage level, indicate that the signal is active, ie, asserted. Indicating that it has occurred). When a device m needs to control the device bus 408, the corresponding REQ # m signal is asserted by the device m. The bus arbiter 1308 generates permission signals GNT # 1 to GNT # n and supplies one of the permission signals to each of the n devices. When the GNT # m signal is asserted, device m is allowed to control device bus 408. In the following example, signals REQ # 1 and GNT # 1 are associated with device hardware 414A (FIG. 4), and signals REQ # 2 and GNT # 2 are associated with device hardware 414B (FIG. 4). .

  FIG. 17 is a diagram illustrating an embodiment of the host bridge SCU 418 of FIG. 4, in which the host bridge SCU 418 includes an access authentication table 1700. In general, the access authentication table 1700 has a different set of entries for each device that is connected to the device bus 408 and can use the device bus 408 (that is, a device having related signals REQ # and GNT #). FIG. 17 shows a first entry set corresponding to the device hardware 414A and a second entry set corresponding to the device hardware 414B.

  Each entry in the access authentication table 1700 corresponds to a device that is connected to the device bus 408 and can use the device bus 408. For example, in FIG. 17, the first entry in the first set of entries corresponding to device hardware 414A is directed to device hardware 414B. This first entry includes a “grant signal status” field that includes the phrase “GNT # 2 asserted”, which indicates that the first entry is true when the GNT # 2 signal is asserted. Yes. The first entry also includes a “authenticate access” value that corresponds to the device hardware 414B and indicates whether the device hardware 414B is authorized to access the device hardware 414A. The access authentication table 1700 may be generated and maintained by the security kernel 504 (FIG. 5).

  According to the PCI bus protocol, the bus activation, that is, the “transaction” is activated when the “activation” device accesses the “target” device. The target device may end the transaction by asserting the STOP # signal. When the activation device detects the asserted STOP # signal, the activation device must terminate the transaction and re-adjust control of the PCI bus to complete the transaction. If the target device asserts the STOP # signal before any data is transferred, this termination is called “retry”.

  Since the device bus 408 is a PCI bus, the device bus 408 includes multiplexed address and data (A / D) signal lines. The activation device connected to the device bus 408 sends the address signal for transmitting the address assigned to the target device to the multiplexed A / D signal line of the device bus 408, thereby causing the target connected to the device bus 408. Access to the device. For example, to control access to device hardware 414B connected to device bus 408, host bridge SCU 418 first programs device hardware 414B via the PCI bus and asserts the STOP # signal. The device hardware 414B is configured to respond to all access attempts (ie, prevent all access attempts by initiating a PCI bus retry).

  The host bridge SCU 418 is connected to the signal line of the device bus 408 via the device bus interface 1306 (FIG. 13), and attempts to access the device by monitoring the GNT # signal and the A / D signal line of the device bus 408. Is detected. For example, assume that device hardware 414A makes an attempt to access device hardware 414B. When the “boot” device hardware 414A attempts to access the “target” device hardware 414B, the device hardware 414B initiates a PCI bus retry (ie, on the A / D signal line of the device bus 408). The access attempt is blocked (by asserting the STOP # signal after detecting the address assigned to device hardware 414B). This action forces device hardware 414A to retry the access attempt with subsequent access attempts.

  While the device hardware 414B blocks the access attempt, the host bridge SCU 418 detects the access attempt via the address assigned to the device hardware 414B driven on the A / D signal line of the device bus 408. To do. Since the device hardware 414A controls the device bus 408, the GNT # 1 signal is asserted, and the device hardware 414A is recognized as the boot device via the GNT # 1 signal asserted by the host bridge SCU 418. Is done.

  The host bridge SCU 418 then determines whether the next access attempt by the device hardware 414A should be allowed. The host bridge SCU 418 accesses the second set of entries of the access authentication table 1700 (FIG. 17) corresponding to the device hardware 414B, and the second set having “(GNT # 1 assert)” in the permission signal status field. The first entry of is selected. The value for authenticating the access of the first entry is “1”, which means that the access to the device hardware 414B by the device hardware 414A is authenticated and the next access attempt by the device hardware 414A is permitted. Represents that

  Since the value authenticating this access indicates that the next access attempt by the device hardware 414A is permitted, the host bridge SCU 418 sends a signal to the bus arbiter 1308 (FIG. 13) that recognizes the device hardware 414A. . The bus arbiter 1308 grants control of the device bus 408 to the host bridge SCU 418 immediately prior to permission for subsequent control of the device bus 408 to the device hardware 414A. The host bridge SCU 418 sends a signal on the signal line of the device bus 408 that configures the device hardware 414B to allow the next access attempt by the device hardware 414A.

  Immediately following the next access attempt by device hardware 414A, bus arbiter 1308 again grants control of device bus 408 to host bridge SCU 418. Host bridge SCU 418 has detected an address assigned to device hardware 414B on the A / D signal line of device bus 408 to respond to all access attempts by initiating a PCI bus retry. A signal is sent on the signal line of the PCI bus comprising the device hardware 414B (to prevent all access attempts later by asserting the STOP # signal).

  The value for authorizing access in the selected entry of the access authentication table 1700 is “0” indicating that the boot device is not authorized to access the target device and that the boot device is not allowed to access the next time. In this case, the host bridge SCU 418 does not configure the target device to allow the next access attempt by the boot device, and the target device activates the PCI bus retry to activate the boot device. Continue to block access attempts by. Note that the atomic mechanism that performs the configuration-access-configuration described above only needs to be programmable to trigger a PCI bus retry in order to protect the existing PCI device.

  FIG. 18 is a flowchart illustrating one embodiment of a method 1800 applicable in a system including a first device and a second device connected to a bus, where the method 1800 provides access security to a second device. I will provide a. The method 1800 may be incorporated within the host bridge SCU 418 (FIGS. 4, 13, 14, 17). In step 1802 of method 1800, the signal flowing on the bus signal line is monitored. In step 1804, an attempt to access the second device by the first device is detected based on the signal. In step 1806, the signal is used to determine the identity of the first device, ie identify the first device. In step 1808, access to the second device is controlled according to the identity of the first device, ie the identification result. Control of access to the second device in step 1808 is based on (i) whether the first device is authorized to access the second device based on the identity of the first device, ie the identification result. And (ii) by configuring the second device to allow an access attempt by the first device if the first device is authorized to access the second device. May be achieved.

  Although various aspects of the present invention have been described herein with respect to bus structures, the present invention is not limited to the foregoing. The bus structure may be replaced with, for example, point-to-point connections that connect devices directly, or point-to-point connections that feed through a bridge or other location.

  Some aspects of the invention as disclosed above may be implemented in hardware or software. Thus, some of the detailed descriptions so far have been raised as a result in terms of the processes performed by the hardware and also operate on the data bus in the memory of the computing system or computing device. Some have been proposed in terms of the process performed by the software, with a symbolic representation of. These descriptions and expressions are the means used in the art to most effectively convey the purpose of the operation of each aspect to those skilled in the art using both hardware and software. Both processes and operations require physical manipulation of physical quantities. In software, though not necessarily required, these quantities take the form of electrical, magnetic, or optical signals that can be stored, transferred, combined, compared, and otherwise manipulated. In some cases, it has proven convenient to represent these signals as bits, values, elements, codes, characters, words, numbers, etc. primarily because they are shared.

  However, it should be noted that these phrases and similar phrases are all related to appropriate physical quantities and are merely convenient labels applied to these physical quantities. Throughout this disclosure, unless otherwise specified, these descriptions are based on physical (electrical, magnetic, or optical) quantities stored in a storage device of an electronic device. Or the operation and process of an electronic device that performs operations or conversions to other data similarly represented by physical quantities in the transfer device or display device. Examples of the phrase indicating such explanation include, but are not limited to, phrases such as “process process”, “calculation process”, “calculation”, “determination”, and “display”.

  Also, aspects implemented by the software of the present invention are typically encoded on a form of program storage medium or implemented on some type of transmission medium. The program storage medium may be a magnetic system (for example, a floppy disk or a hard disk) or an optical system (for example, a compact disk read-only memory, that is, “CD-ROM”), or may be read-only or randomly accessible. Similarly, the transmission medium may be any twisted pair, coaxial cable, optical fiber, or other suitable transmission medium known in the art. The present invention is not limited to these optional embodiments.

  The above-described individual embodiments are merely exemplary, as the invention may be modified and implemented in various and equivalent ways that will be apparent to those skilled in the art having the benefit of the teachings herein. Furthermore, no limitations are intended to the details of construction or design herein shown, other than as described in the following claims. It is therefore evident that the individual embodiments disclosed above may be altered or modified and all such variations are considered within the scope and spirit of the invention. That is, the protection sought here is that described in the following claims.

FIG. 2 is a diagram of the well known linear-to-physical address translation mechanism of the x86 processor architecture. FIG. 6 is a diagram of a page directory entry format for an x86 processor architecture. FIG. 6 is a diagram of a page table entry format for an x86 processor architecture. FIG. 2 is a diagram of one embodiment of a computer system including a CPU and system, or “host” bridge, in which the CPU includes a CPU security check unit (SCU) and the host bridge includes a host bridge SCU. FIG. 5 illustrates the relationship between various hardware and software elements of the computer system of FIG. FIG. 5 is a diagram illustrating an embodiment of a CPU of the computer system of FIG. 4 that includes a memory management unit (MMU). FIG. 2 is a diagram illustrating one embodiment of an MMU that includes a paging unit, the paging unit including a CPUSCU. FIG. 8 is a diagram illustrating an embodiment of a CPUSCU in FIG. 7. FIG. 6 illustrates one embodiment of a mechanism for accessing a security attribute table (SAT) entry for a selected memory page to obtain additional security information for the selected memory page. FIG. 4 is a diagram of one embodiment of a SAT default register. FIG. 4 is a diagram of one embodiment of a SAT directory entry format. FIG. 6 is a diagram of one embodiment of a SAT entry format. FIG. 5 is a diagram of one embodiment of the host bridge of FIG. 4, where the host bridge includes a host bridge SCU. FIG. 14 is a diagram of an embodiment of the host bridge SCU of FIG. 2 is a flowchart of one embodiment of a first method for providing access security to memory used to store data located in a plurality of memory pages. 6 is a flowchart of one embodiment of a second method for providing access security to memory used to store data located in a plurality of memory pages. FIG. 5 is a diagram of one embodiment of the host bridge SCU 418 of FIG. 4, where the host bridge SCU 418 includes an access authentication table. 2 is a flowchart of an embodiment of a method applicable in a system including a first device and a second device connected to a bus and providing access security for a second device.

Claims (10)

An apparatus comprising a security check unit (416, 418) configured to be connected to a transmission medium (408, 412),
The security check unit (416, 418)
Monitor signals on the transmission medium (408, 412);
Based on the signal, an attempt is made to access a second device (414A to 414D) connected to the transmission medium (408, 412) by a first device connected to the transmission medium (408, 412). ,
Identifying the first device (414A-414D) based on the signal;
An apparatus configured to control access to the second device (414A-414D) by the first device (414A-414D) according to the identification result of the first device (414A-414D).   The transmission medium (408, 412) includes a plurality of signal lines of a bus (408, 412), and a signal on the transmission medium (408, 412) includes a signal line on the bus (408, 412). The signal lines of the buses (408, 412) include a plurality of address lines and at least one signal line for transmitting a permission signal, and the first devices (414A to 414D) When the control of the bus (408, 412) is permitted, the permission signal is in the first state, and the first device (414A to 414D) accesses the second device (414A to 414D). During the trial, the permission signal is in the first state and the first device (414A to 414D) is connected to the signal line of the bus (408, 412). 2. An apparatus according to claim 1, wherein an address signal for transmitting an address assigned to a device (414A to 414D) is sent, and the security check unit (416, 418) monitors the address signal sent to an address line and the permission signal. .   The security check unit (416, 418) receives the first signal when the permission signal is in the first state and the address signal transmits the address assigned to the second device (414A-414D). The device (414A-414D) is configured to detect an attempt to access the second device (414A-414D), and the security check unit (416, 418) is configured to detect the first device (414A-414D). 3. The apparatus of claim 2, wherein the apparatus is configured to identify according to a state of the permission signal.   The apparatus of claim 1, wherein the security checking unit (416, 418) is provided in one of the group consisting of a processor (402) and a bridge (404).   The security check unit (416, 418) is configured to allow the first device (414A-414D) to authenticate access to the second device (414A-414D) when the first device (414A-414D) is authenticated. The apparatus of claim 1, comprising a configuration that configures the second device (414A-414D) to allow access attempts by 414A-414D). The security check unit (416, 418) includes an access authentication table (906) having an entry (912) corresponding to the second device (414A-414D),
The entry (912) corresponds to the first state of the permission signal and whether or not the first device (414A to 414D) is authorized to access the second device (414A to 414D). Including an access authorization value that represents
The security check unit (416, 418) determines whether the first device (414A-414D) is authorized to access the second device (414A-414D) in the first signal of the permission signal. The access authentication table (906) is accessed using a state to determine the access authentication value, and the access authentication value is determined by the first device (414A to 414D). The security check unit (416, 418) is connected to the signal line of the bus (408, 412), the first device (414A-414D). ) To allow all access attempts by the second device (414A- Flowing a signal constituting the 14D), apparatus according to claim 1. The apparatus further comprises an arbiter (1308) configured to coordinate control between a plurality of devices (414A-414D) connected to the transmission medium (408, 412);
The plurality of devices (414A to 414D) include at least the first device (414A to 414D) and the second device (414A to 414D),
The arbiter (1308) is further configured to send a signal of one of the plurality of devices (414A to 414D) that is allowed to be controlled,
The arbiter (1308) includes a bus arbiter (1308),
The transmission medium (408, 412) includes a bus (408, 412),
The bus (408, 412) includes a plurality of address lines and at least one signal line for transmitting a permission signal,
The bus arbiter (1308) outputs a permission signal indicating that the one device of the plurality of devices (414A to 414D) is permitted to control the bus (408, 412). , Configured to flow through the at least one signal line,
The security check unit (416, 418) is connected to the address line and the at least one signal line for transmitting the permission signal;
Furthermore, the security check unit (416, 418)
Monitor the address signal and the permission signal flowing on the address line of the bus (408, 412),
Detecting an attempt to access the second device (414A-414D) by the first device (414A-414D) based on the address signal;
Identifying the first device (414A-414D) based on the permission signal;
Whether the first device (414A to 414D) is authenticated to access the second device (414A to 414D) is determined based on the identification result of the first device (414A to 414D). ,
If the first device (414A-414D) is authorized to access the second device (414A-414D), allow an access attempt by the first device (414A-414D) The apparatus according to claim 1, wherein the apparatus comprises the second device (414 </ b> A to 414 </ b> D). A method of providing access security to a target device (414A to 414D),
Monitor the signal,
Based on the signal, an attempt to access the target device (414A to 414D) by another device (414A to 414D) is detected,
Using the signal to identify the other device (414A-414D);
A method for providing access security, wherein access to the target device (414A to 414D) is controlled according to an identification result of the other device (414A to 414D).   In the control performed according to the identification result of the another device (414A to 414D) for the access to the target device (414A to 414D), the target device (414A to 414D) by the another device (414A to 414D) 9. The method of claim 8, wherein access to 414A-414D) is controlled according to the identification result of said another device (414A-414D). In the control performed according to the identification result of the another device (414A to 414D) for the access to the target device (414A to 414D) by the another device (414A to 414D),
The other device (414A to 414D) determines whether it is authenticated to access the target device (414A to 414D) based on the identification result of the other device (414A to 414D),
If the other device (414A-414D) is authorized to access the target device (414A-414D), the target is allowed to allow an access attempt by the other device (414A-414D). The method according to claim 9, wherein control is performed to configure the devices (414 </ b> A to 414 </ b> D).

Images